* New CVE entries this week
@ 2023-03-22 23:10 Masami Ichikawa
From: Masami Ichikawa @ 2023-03-22 23:10 UTC (permalink / raw)
  To: cip-dev

Hi !

It's this week's CVE report.

This week, 6 new CVEs and 2 updated CVEs were reported.

* New CVEs

CVE-2023-28466: net: tls: fix possible race condition between
do_tls_getsockopt_conf() and do_tls_setsockopt_conf()

CVSS v3 score is 7.0 HIGH.

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through
6.2.6 lacks a lock_sock call, leading to a race condition (with a
resultant use-after-free or NULL pointer dereference).
This bug was introduced by commit 3c4d755 ("tls: kernel TLS support")
in 4.13-rc1. The 4.4 kernels aren't affected.

Fixed status
mainline: [49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962]
stable/6.1: [14c17c673e1bba08032d245d5fb025d1cbfee123]
stable/6.2: [5231fa057bb0e52095591b303cf95ebd17bc62ce]

CVE-2022-48423: An out-of-bounds write was found in the ntfs3 driver

CVSS v3 score is not provided.

In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate
resident attribute names. An out-of-bounds write may occur.
The ntfs3 module was introduced in 5.15-rc1, so kernels before 5.15
aren't affected.

Fixed status
mainline: [54e45702b648b7c0000e90b3e9b890e367e16ea8]
stable/5.15: [3a52f17867727818ae8dbcfd9425033df32f92e0]
stable/6.1: [2f041a19f4eb72bcc851f9e3a15f3cfd1ae1addf]

CVE-2022-48424: An out-of-bounds memory access bug was found in the ntfs3 driver

CVSS v3 score is not provided.

In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate
the attribute name offset. An unhandled page fault may occur.
The ntfs3 module was introduced in 5.15-rc1, so kernels before 5.15
aren't affected.

Fixed status
mainline: [4f1dc7d9756e66f3f876839ea174df2e656b7f79]
stable/5.15: [c878a915bcb992c12a97ebae1013e377158f560a]
stable/6.1: [b343c40bb7ff9095430c3f31468a59f8a760dabd]

CVE-2022-48425: fs/ntfs3: Validate MFT flags before replaying logs

CVSS v3 score is not provided.

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid
kfree because it does not validate MFT flags before replaying logs.
The ntfs3 module was introduced in 5.15-rc1, so kernels before 5.15
aren't affected.

Fixed status
A patch is available in the linux-next tree.

CVE-2023-1281: net/sched: tcindex: imperfect hash filters

CVSS v3 score is not provided (NIST).
CVSS v3 score is 7.8 HIGH (CNA).

A race condition bug will cause a use-after-free in net/sched subsystem.
This bug was introduced by commit 9b0d444 ("net: sched: avoid atomic
swap in tcf_exts_change") in 4.14-rc1, so 4.4 is not affected.

Fixed status
mainline: [ee059170b1f7e94e55fa6cadee544e176a6e59c2]
stable/5.10: [eb8e9d8572d1d9df17272783ad8a84843ce559d4]
stable/5.15: [becf55394f6acb60dd60634a1c797e73c747f9da]
stable/6.1: [bd662ba56187b5ef8a62a3511371cd38299a507f]

CVE-2023-1513: kvm: initialize all of the kvm_debugregs structure
before sending it to userspace

CVSS v3 score is not provided.

A kernel information leak bug was found when processing
KVM_GET_DEBUGREGS ioctl in kvm_vcpu_ioctl_x86_get_debugregs() in the
kvm subsystem.
It may leak information from uninitialized kvm_debugregs structure value.

Kernel 4.4 might be affected by this issue.

Fixed status
mainline: [2c10b61421a28e95a46ab489fd56c0f442ff6952]
stable/4.14: [1d43de93b35d85981006ec3c52c0cad8af1f2f6a]
stable/4.19: [669c76e55de332fbcbce5b74fccef1b4698a8936]
stable/5.10: [6416c2108ba54d569e4c98d3b62ac78cb12e7107]
stable/5.15: [35351e3060d67eed8af1575d74b71347a87425d8]
stable/5.4: [9f95a161a7deef62d6d2f57b1a69f94e0546d8d8]
stable/6.1: [747ca7c8a0c7bce004709143d1cd6596b79b1deb]

* Updated CVEs

CVE-2022-38457: A use-after-free (UAF) vulnerability in the vmwgfx driver

Mainline and stable 6.1 are fixed.
It was introduced by commit e14c02e ("drm/vmwgfx: Look up objects
without taking a reference") in 4.20-rc1, so kernels before 4.20 aren't
affected.

Fixed status
mainline: [a309c7194e8a2f8bd4539b9449917913f6c2cd50]
stable/6.1: [7ac9578e45b20e3f3c0c8eb71f5417a499a7226a]

CVE-2022-40133: A use-after-free (UAF) vulnerability in the vmwgfx driver

Mainline and stable 6.1 are fixed.
It was introduced by commit e14c02e ("drm/vmwgfx: Look up objects
without taking a reference") in 4.20-rc1, so kernels before 4.20 aren't
affected.

Fixed status
mainline: [a309c7194e8a2f8bd4539b9449917913f6c2cd50]
stable/6.1: [7ac9578e45b20e3f3c0c8eb71f5417a499a7226a]

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.

Regards,
-- 
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email: masami.ichikawa@cybertrust.co.jp
       masami.ichikawa@miraclelinux.com
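A userspace illustration of the bug class behind CVE-2023-1513 above (a structure handed to userspace with only its named members assigned, so compiler padding carries stale stack bytes), added here and not part of the report or of the kernel code. The struct layout, member values and 0xAA poison pattern are constructed stand-ins, not the real kvm_debugregs layout; the buggy and fixed getters stand beside each other.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a kernel-to-user struct (not the real kvm_debugregs
 * layout): on common 64-bit ABIs the 32-bit flags is followed by padding. */
struct dbg_regs {
    uint32_t flags;
    uint64_t db[4];
    uint64_t dr6;
    uint64_t dr7;
};

#define STALE 0xAA /* stand-in for leftover data on the kernel stack */

/* Buggy pattern: every named member is assigned, but the object as a whole is
 * never cleared, so the padding keeps whatever was on the stack before. */
static void get_regs_buggy(struct dbg_regs *out) {
    out->flags = 0;
    for (int i = 0; i < 4; i++) out->db[i] = 0x1000u + (uint64_t)i;
    out->dr6 = 0xffff0ff0u;
    out->dr7 = 0x400u;
}

/* Fixed pattern, as the CVE-2023-1513 fix title describes: zero the entire
 * structure first, then fill in the members. */
static void get_regs_fixed(struct dbg_regs *out) {
    memset(out, 0, sizeof(*out));
    get_regs_buggy(out);
}

/* Poison an aligned slot with STALE (a dirty stack), run the getter, then count
 * bytes still holding the poison: exactly what copy_to_user() would leak. No
 * assigned member value contains an 0xAA byte, so the count is the padding. */
static size_t stale_bytes(void (*getter)(struct dbg_regs *)) {
    union { struct dbg_regs r; unsigned char raw[sizeof(struct dbg_regs)]; } s;
    memset(&s, STALE, sizeof s);
    getter(&s.r);
    size_t n = 0;
    for (size_t i = 0; i < sizeof s.raw; i++) n += (s.raw[i] == STALE);
    return n;
}

int main(void) {
    printf("sizeof %zu, buggy leaks %zu, fixed leaks %zu byte(s)\n",
           sizeof(struct dbg_regs), stale_bytes(get_regs_buggy), stale_bytes(get_regs_fixed));
    return 0;
}
```

On an ABI with no padding in the stand-in struct both counts are zero; the leak only shows where the compiler inserts padding, which is why whole-object zeroing (rather than per-member assignment) is the portable fix.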


* xfs/setgid rewrite in 5.10 was Re: [cip-dev] New CVE entries this week
From: Pavel Machek @ 2023-03-23  9:32 UTC (permalink / raw)
  To: cip-dev


Hi!

> It's this week's CVE report.
> 
> This week reported 6 new CVEs and 2 updated CVEs.
> 
> * New CVEs

There is something going on with xfs/chown/setgid and probably
overlayfs. These are from 5.10.176 review:

 |73894b749 e014f3 o: 5.10| xfs: use setattr_copy to set vfs inode attributes
 |be9c3268a 2b3416 o: 5.10| fs: add mode_strip_sgid() helper
 |5b02d54d5 1639a4 o: 5.10| fs: move S_ISGID stripping into the vfs_*() helpers
 |b5eea92ad 11c2a8 o: 5.10| attr: add in_group_or_capable()
 |9a856d215 e243e3 o: 5.10| fs: move should_remove_suid()
 |bba459793 72ae01 o: 5.10| attr: add setattr_should_drop_sgid()
 |c2abc5886 ed5a70 o: 5.10| attr: use consistent sgid stripping checks
 |215bf9f27 8d84e3 o: 5.10| fs: use consistent setgid checks in is_sxid()
 |1c7588d55 b0463b o: 5.10| xfs: remove xfs_setattr_time() declaration

If you are using xfs or overlayfs, you may want to investigate.

If someone has a corresponding CVE entry, that would be nice, too.

Best regards,
	Pavel

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
